Russian Spearphishing Campaign Targeted Individuals Over 400 Companies

Over 400 industrial businesses were targets of a spearphishing campaign that involved very personalized email messages which were disguised as accounting and procurement documents.

In one wave of attacks that essentially began back in autumn 2017, hackers targeted around 800 machines and addresses, all of the victims who were targeted by their first names and surnames, according to a blog post by Kaspersky Lab.

The companies that were targeted in the attack were in oil, gas, manufacturing, energy, engineering, mining, logistics, and construction industries.

Kaspersky Lab security expert Vyachesav Kopeytsev stated: “The attackers demonstrated a clear interest in targeting industrial companies in Russia. Based on our experiences, this is likely to be due to the fact that their level of cybersecurity awareness is not as high as it is in other markets, such as financial services.”

He also went on to add that cyber-criminals all over the world consider industrial businesses to be lucrative targets for their cyber attacks.

The attackers, in this case, were hoping to steal money from the accounts of their victims utilizing legitimate remote administration software like Remote Manipulator System/Remote Utilities or RMS or TeamViewer

Betabot/Neurevt, Babylon RAT, Hallaj PRO, and AZORult stealer were also used by the cyber-criminals for stealing additional info like passwords and login details for SSH/FTP/Telnet clients, mailboxes, and websites, as well as screenshot capturing and keystroke logging.

Remote utilities were utilized by the attackers to gain control of the system remotely (RDP) and potentially transfer files both to and from the system, execute remote shell commands and remotely manage running application processes.

Consequently, these tools gave attackers the ability to record both sound and video from recording devices that were connected to the affected system, videos and capture screenshots, and manage the system registry remotely.

Most of the attacks targeted Russian companies, however, researchers noted that the same techniques could essentially be utilized for targeting industrial businesses located in any country in the world.

Comments on this article? Please leave them below

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients